通过BGP的方式传递访问控制和限速信息,功能强大。可以用于防DDOS部署、网络特定报文计数等等。
配置方式如下:
宣告方r2
sys
flow-route test
if-match destination 192.168.0.1
apply traffic-rate 20000 /*限速
接收flowspec路由侧r1
在全局下使能 flowspec 统计功能
flowspec statistic enable
观察学习到的bgp流路由
BGP Local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V - valid, I - invalid, N - not-found
Total Number of Routes: 1
* > ReIndex : 376833
Dissemination Rules:
Destination IP : 192.168.0.1/32
MED : 0 PrefVal : 0
LocalPref: 100
Path/Ogn : i
观察此路由流量情况
ReIndex: 376833
Rule number: 1
------------------------------------------------------------------------
Item Packets Bytes
------------------------------------------------------------------------
Matched 80306 8308179
------------------------------------------------------------------------
Last 30 seconds rate
------------------------------------------------------------------------
Item pps bps
------------------------------------------------------------------------
Matched 899 572864
------------------------------------------------------------------------
------------------------------------------------------------------------
Item Packets Bytes
------------------------------------------------------------------------
Passed 0 0
Dropped 0 0
------------------------------------------------------------------------
Last 30 seconds rate
------------------------------------------------------------------------
Item pps bps
------------------------------------------------------------------------
Passed 0 0
Dropped 0 0
------------------------------------------------------------------------
页面更新:2024-02-16
本站资料均由网友自行发布提供,仅用于学习交流。如有版权问题,请与我联系,QQ:4156828
© CopyRight 2020-2024 All Rights Reserved. Powered By 71396.com 闽ICP备11008920号-4
闽公网安备35020302034903号